Professional Documents
Culture Documents
04-30-14 Guide To MA Success PDF
04-30-14 Guide To MA Success PDF
Anthony Decicco
Matthew Jacobs
© Black Duck 2014
Speakers
Anthony Decicco
Partner
GTC Law Group
Matthew H. Jacobs
General Counsel
Black Duck Software, Inc.
Black Duck
KnowledgeB
ase
2,300+ licenses
4B+ files/1,000,000 +
unique projects
Third-party
• It’s third party software Software
• Permissive Licenses
• Licensee can use, copy, modify and distribute the software
• Licensee is allowed to combine the source with open source
or proprietary software
• Licensee is NOT obligated to distribute the source code of
derivative works Permissive:
• BSD
• MIT
• Copyleft Licenses
• Any Licensee modifications to the software must be
distributed under the same reciprocal OSS license
• Copyleft licenses are substantially more complex than
permissive licenses Copyleft:
• GPL
See www.opensource.org
• MPL
Source: //www.blackducksoftware.com/oss/licenses#top20
April 2014
8 © Black Duck 2014
Open Source is Everywhere
FOSS Community
Internally
Developed
Code
Outsourced Code
Development
Your Software Application
Commercial THE ENTERPRISE
3rd-Party Code
80%
30%
• Transactions
• Mergers & Acquisitions
• Divestitures
• Financings, including VC investments
• Loans
• IPOs
• Customer agreements
• Business Models
• Traditional distributed
• Software as a service
• Internal use
12 © Black Duck 2014
Impact on Transaction:
Why Should I Care About This?
• Macro Impact:
• Delay
• Signing
• Closing
• Pricing
• Deal certainty
• Kill the deal
• Particular Issues:
• Inability to cleanly make reps in the deal • Transfer/assignment/change-of-control
• Breach of licenses; automatic termination issues
• Copyright infringement • Under licensing; not enough seats/licenses
• ‘Viral’ infection of proprietary code • Combinations of components under
• Dependence on code from competitor/hostile incompatible licenses
party • Security vulnerabilities
• Automatic grant of licenses to certain of your • Notice and attribution non-compliance
patents • Failure to comply with licenses for “fourth party”
• Defensive patent termination rights components
Summary of Facts:
• Trilogy, which makes automotive purchasing-related software, acquired Versata, which owns
several different software companies
• Versata is involved in a dispute with its customer Ameriprise Financial as Ameriprise tried to
write its own software to replace the software from Versata
• As part of this dispute it comes out that the software Versata licensed to Ameriprise contains
code from XimpleWare. In addition, it appeared that Versata removed and altered the copyright
notices to conceal the fact that the code was from XimpleWare. Ameriprise distributed the
Versata product to 1000s of its contractors
• XimpleWare makes a high performance XML parser/processor that is dual licensed pursuant to
the GPLv2 and a commercial license; none of the defendants have a commercial license
XimpleWare also has patents relating to XML parsing/processing
• XimpleWare separately sues for patent infringement and copyright infringement, alleging damages
in excess of $150MM in the copyright suit
XimpleWare is claiming:
• Direct copyright infringement; knowing and willful
• Contributory and vicarious copyright infringement; knowing and willful
• Violation of Lanham Act §43(A); reverse passing off
• Breach of contract
• Did not comply with the GPL since did not make source code available
• GPL terminated given non-compliance, so unlicensed
• Breach of implied covenant of good faith and fair dealing under California law; entitles to punitive
damages - Dismissed
• Unjust enrichment
• Intentional interference with prospective economic advantage - Dismissed
• Unfair competition
• Declaratory relief
• Damages: in excess of $150MM, wants enhanced damages which it claims possibly triples amount
Then…:
• XimpleWare moves for a temporary restraining order but is denied
• Versata files motion to dismiss but is denied; Versata claims:
• It is licensed under the GPL and cites “mere aggregation” clause
• XimpleWare code and Versata code is on the same storage media, but are separate modules not
integrated with each other
• Versata included the XimpleWare source code in the distributions
• XimpleWare does not own the source code given it has taken contributions
• Pursuant to Section 6 of the GPL its customers “automatically receive[ ] a license from the original
licensor to copy, distribute or modify the Program subject to [the GPL]” and that the GPL does not
restrict use since “[t]he act of running the Program is not restricted”
• Several of XimpleWare’s claims are too vague
• Texas law applies, not California law, so the California state law claims are inapplicable
• Note that Versata has already shipped a patch that removes the XimpleWare code
• Pre-trial preparation order: Discovery cut-off - December 2014; Jury trial - April 2015
• Case recently dismissed, with prejudice, on February 28, 2014; likely settled
• Disclosure Schedules
Exceptions:
• Generally available commercial
off-the-shelf software with value
of less than $1000-$5000
• Fourth party code; without
knowledge
• Internal use only, non-
development related software
(e.g. CRM, HR and accounting
software); may be covered
elsewhere
• In-licensed software incorporated
into office equipment or other
equipment/products purchased or
leased
• Specific indemnities
• At a minimum for errors/omissions and breaches/non-compliance with in-licensed
software related reps
• In respect of certain agreements, licensors and components
• Additional escrows
• Set aside for specific issues and to back-stop specific indemnities
• Buyer/Investor
• Update due diligence request lists
• Update diligence process
• Include in-licensed software audit/code scan
• Kick-off promptly following LOI
• Prioritization
• Update reps and warranties
• Develop policies regarding acceptable third party software usage
• 1. Identify
• Aim to identify all of the third party software (both commercial
and open source) and hardware embedded in or used in the
development, maintenance, support and offering of products,
along with the applicable licenses and usage facts
• How?
• Self-disclosure
• Check work stations
• Procurement records
• String/keyword searching
• Code scans
• 2. Analyze
• Understand incompatibilities between the described or
proposed use of a given third party component and the license
terms for that component
• Analyze license terms which may be incompatible with current
or proposed business practices
• Consider:
• Internal use
• Distribution
• Hosting and allowing others to host
• Modification
• 3. Plan/Remediate
• Create a remediation plan to address identified issues
• Code remediation:
• Removing, rewriting or replacing code
• Costs: Engineering, time
• Legal remediation:
• Amending/terminating agreements, seeking clarifications, seeking
waivers of past liability, re-licensing components and obtaining new
licenses
• Costs: Legal, time, fees to licensors
• Notice and attribution:
• Does not remedy past non-compliance
• Risk mitigation/allocation:
• Additional representations and warranties
• Remediation-focused closing conditions and best efforts covenants
• Specific indemnities
• Additional escrows
+8 1,000’s $40B+
M&A Transactions
Years of Audits
Experience
• Discover unknown open source
• More thorough and accurate analysis
than manual audits
• Identify encryption technologies that
can restrict the legal export of software
• Identify security vulnerabilities that can
impact software asset value
Legal Webinars
www.blackducksoftware.com/resources/we
binars/legal
@black_duck_sw